As the American Civil Liberties Union was chastising the Transportation Security Administration (TSA) for having a million names on the No Fly Watch (or selectee) List, I was preparing for another business trip. The travel hassles have not changed since I found myself on the list in January of 2005. Airline boarding passes cannot be printed at home, no curb check of bags is allowed, airline kiosks send you to the ticket counter, and that's when the fun begins. Like everyone on the list, I present identification in several forms and then step to the side to wait as the airline employee calls Washington to get me clearance. When my boarding pass is finally printed, there is often a checkerboard along the bottom, which alerts TSA officials at security screening that I am to be given special attention.
Many friends and more politically active types than I can count believe I was placed on the "selectee" list as a consequence of writing Bush's Brain and The Architect, two books critical of the current administration and the president's political gun Karl Rove. Circumstance suggests they might be right. But I do not know. My second book, Bush's War for Reelection, was released during the fall 2004 campaign and broke the news regarding the president's incomplete National Guard records. CBS and other news organizations used much of that research to pursue the story further, though their efforts did not prevent Bush's second term. A few months later, when I went to the airport for a January 2005 business trip, I discovered I was on the list. (CNN's Drew Griffin, recently doing reports on incompetence regarding the terrorist lists, also reported he has been placed on the No Fly Watch List.)
While I have no doubt that Rove and numerous other bad actors in the administration would use the selectee list to harass their political enemies, I am more inclined to believe the problem is breath-taking incompetence and outdated technology. The TSA is trying to refute the ACLU's claims that a million names are on the list as of last week but their explanation only reveals the agency's failings. The Inspector General of the Justice Department said in September of 2007 that 700,000 names were on the watch list and 20,000 were being added per month, which led to the ACLU's figure of one million this month. (TSA says the 700,000 names were scrubbed and reduced by 50 percent but has not refuted the 20,000 new names per month.)
The 20,000 new names monthly are actually new "records," according to the TSA's own web site. "A new 'record' is created for every alias, date-of-birth, passport and other identifying information for watch listed suspects." In other words, Osama is on the list both by his known name and, most likely, its various derivatives like "Usama" and "Asama" even "Isamma." Each one of those represents what TSA refers to as a "record." Osama, of course, is not likely to travel under any alias even remotely close to his name, nor is any other terrorist, but their aliases are a part of why there are one million records on the list. In fact, if the TSA's numbers are accurate and there are only 400,000 people on the Consolidated Terror Watch List then there are 600,000 "records" of aliases and variations on passport numbers, addresses, dates of birth, and other identifying data, which increases the probability that innocent Americans are matched with terrorist suspects.
The TSA has kept a defensive posture by arguing that 95 percent of the names on its lists are terrorists and are not in the U.S. But who can believe such an assertion? Isn't any determined terrorist going to know their name is on the list and either not travel or come up with a clever alias? This, therefore, begs the next logical question of who, exactly, is TSA trying to keep from flying and why?
Me, of course. And Drew Griffin of CNN. And David Nelson, (son of Ozzie and Harriet of 60s TV fame.) And Nobel Peace Prize Winner Nelson Mandela. And Major General Vernon Lewis, who holds the Army's Distinguished Service Medal and has a top secret security clearance. And Marine Staff Sgt. Daniel Brown who flew home from combat duty in Iraq to discover he was not able to board a flight in the country he had just served. And six year-old John William Anderson, who was born on the Fourth of July and was stopped by airport security enroute to Disney World. And the list goes on and on and on and on.
TSA claims that of the 400,000 names on the Consolidated Terror Watch List, two small subsets (No Fly Watch and No Fly lists) of 50,000 people are "reserved for known or suspected terrorists that reach a threshold where they should not be allowed to fly, or should get additional scrutiny." Everyone I named above is included in that category. Few of us, I suspect, would complain about the inconvenience if we thought our inclusion was making the country safer but there is no record of the TSA's data every playing a role in the capture of a terrorist.
The most maddening part of all of this is that there seems to be little any of us can do to extricate ourselves from the list. No matter how many times you prove you are an American citizen, have no arrest record, pay your taxes, get a lump in your throat when you see Old Glory, you still don't get off the list and you have to prove your citizenship and identity every time you return to the airport. TSA established the Travelers' Redress Inquiry Program (TRIP) to allow people like me to input data and seek removal from the list but you are never informed of their decision or how it was reached. Filing a lawsuit to appeal has resulted in plaintiffs being told information they seek for justice cannot be delivered for reasons of national security, which is why they were put on the list in the first place. (This is not circular logic; this is hilarity.)
The Washington Post reported last year that the name matching technology being used by the TSA was based on Soundex, an algorithm developed in 1918 to parse U.S. census data. Soundex removes vowels from names and assigns a numerical value to remaining consonants. The result is hundreds of "false positive" matches and unnecessary inconvenience for tens of thousands of airline passengers. Using Soundex, Barack Obama's name, for instance, shows a match with someone named Brisco O'Finn, who sounds like an IRA terrorist in a Tom Clancy novel.
In an attempt to acquire some public confidence, the TSA launched a new system called Secure Flight. An analysis of the system findings by at least one technology company, however, indicates Secure Flight did nothing more than use a process known as "look up." This is rules-based software that tells a computer that Bob = Robert = Rob = Bobby. Rules-based matching brought the TSA completely up to date with............1970. This, obviously, offers some clues as to why so many innocent people with common names are detained at airports. Using extensive human resources to process all of these victims of "false positive" matches means there is less chance that a potential terrorist will be caught trying to board a flight. Secure Flight tried to improve the system by using private data, which ultimately drew resistance. Although private data might have stopped more suspects, it is silly to think the TSA would have overlooked all of the false positive matches turned up by Soundex and "look up" just to concentrate on what they found using private data.
Not surprisingly, Secure Flight was a disaster and resolved nothing. TSA knows there is a more advanced approach available for dealing with data but if they are using it for their launch of the new and allegedly improved Secure Flight II, they are not saying. Because I have an interest in this issue, I know that a company I have worked with, S3 Matching Technologies of Austin, Texas, demonstrated a sophisticated algorithmic-scoring technology to TSA and got no response. Algorithmic scoring, which rates matches on their probability of being correct, can eliminate more than 95 percent of all "false positive" matches. Algorithmic scoring is about as close as you can come to getting a computer to think for you.
Although S3 uses its technology to run two of the largest business telecom networks in the world and process a billion NYSE and NASDAQ transactions on a daily basis for many of the country's most recognizable financial services companies, TSA expressed no interest in their product. A number of data quality companies like Trillium, Dataflux, IBM's Ascential, and Business Objects offer products that can improve the data quality at TSA, and it is possible TSA has quietly signed a contract with one of them but it is equally likely that TSA has chosen nothing more than an improved version of a rules-based matching engine, instead of the more effective algorithmic scoring system.
What's going on here? If the TSA can fix the list with better technology, why doesn't that happen? Isn't it possible that the larger list allows the federal government to monitor the travel of non-terrorist and politically vocal Americans with the same impunity demonstrated by the unconstitutional tapping of our phones?
Even if there were an improvement in the data matching technology for TSA and other federal agencies, there are issues regarding the quality of the source data. In the TSA's case, data comes from the Terrorist Screening Center (TSC), which is operated by the FBI. A GAO report in 2004 indicated that the TSC used data from 12 governmental lists to build the No Fly List and the No Fly Watch (Selectee) Lists. Even FBI agents, however, have complained about their quality. In an email obtained by the ACLU through a Freedom of Information request, one agent, critical of the TSA's rationale, wrote, "Unfortunately, egg headed thinking like this muddies the waters to the point where the no-fly list and selectee lists become virtually worthless (garbage in, garbage out)." Another agent sent a colleague a note that said, "These lists are not comprehensive and not centralized. Some subjects appear on one list but not the others. Some of the lists are old and not current. We are really confused."
This seems to be a problem that is rampant within our government. While major corporations deal with massive amounts of data on a daily basis with the latest technology, the federal government, which is charged with protecting our borders and our society's most critical institutions, does not appear to know how to maintain data quality and is consistently overwhelmed by digital information. NBC News recently reported U.S. government statistics that taxpayers are defrauded out of about $60 billion annually in Medicaid and Medicare payments to bogus providers. In spite of the fact that we spend billions annually on a questionable war, we leave federal employees trying to match millions of names and doctor and provider IDs using simple EXCEL or MS ACCESS data sheets. A bit of money invested in advanced matching technology would reduce these figures dramatically. Taxpayers deserve to have the latest technology protecting their money the same way it does investors in private businesses.
Unfortunately, Washington has been slow to adapt. Just last week the Centers for Medicare and Medicaid Services (CMS) acknowledged paying out $92 million over six years to providers who used the IDs of dead doctors to file claims. CMS had promised six years ago to end the problem but only recently came up with a new identification and matching system. CMS told a Senate Homeland Security subcommittee that it will now run matches on doctor and provider IDs every 90 days to make sure fraud is eliminated. Undoubtedly, there was no one on the committee aware of the fact that systems exist to run advanced matching technology on a daily basis, which could eliminate the chance of fraud that exists in that 90 day window. Saving $92 million out of the $60 billion estimated in annual fraud was characterized by one critic, however, as a bit like "running into a burning house and grabbing the silverware."
Imagine, therefore, the depth and the breadth of bad data in the government's largest database of all.....Social Security. The Social Security Administration's Inspector General has reported that there are about 18 million "inconsistencies" in that database. While the IG report was generally complimentary of the agency's maintenance of an overall quality database for 435 million Social Security numbers, it pointed out that the bad data present on the list is likely to mean problems for legal workers and U.S. citizens trying to get hired using the new E-Verify system established to prevent employers from giving jobs to undocumented workers. Indeed, among the businesses presently using E-Verify, thousands have reported that legal workers have been given "no match" (meaning you get no job) letters from Social Security, undoubtedly, as a consequence of bad data. All of this, of course, leads to the recurring question of why doesn't Social Security, the largest repository of data our government is likely to have, use contemporary technology to cleanse, merge, and update data on a daily basis to get rid of the inconsistencies? The agency's present data conditions reveal a level of performance that offers evidence of outdated software.
When the next president takes office, among the items at the top of his list ought to be a mandate to deliver a little advanced technology to the federal government to protect the taxpayers from further waste.
As for me, I need to stop criticizing or I'm never going to get off the No Fly Watch List.